<?php

class Model
{

    function __construct($db)
    {
        try {
            $this->db = $db;
        } catch (PDOException $e) {
            exit('Database connection could not be established.');
        }
    }
	
    public function getAllCategories()
    {
        $sql = "SELECT category_id,name_en,name_ar FROM categories";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }


     public function addCategory($name_en,$name_ar)
    {
	            
        $sql = "INSERT INTO categories (name_en,name_ar) VALUES (:name_en,:name_ar)";
        $query = $this->db->prepare($sql);
        $parameters = array(':name_en' =>$name_en,':name_ar' =>$name_ar);
		

        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }

    public function deleteCategory($category_id)
    {
        $sql = "DELETE FROM categories WHERE category_id = :category_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':category_id' => $category_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }

     public function getCategories()
    {
        $sql = "SELECT category_id,name_en,name_ar FROM categories";
        $query = $this->db->prepare($sql);
        $parameters = array();

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetchAll();
    }
    
    public function getCategory($category_id)
    {
        $sql = "SELECT category_id,name_en,name_ar FROM categories WHERE category_id= :category_id LIMIT 1";
        $query = $this->db->prepare($sql);
        $parameters = array(':category_id' => $category_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetch();
    }

     public function updateCategory($name_en,$name_ar,$category_id)
    {
    
        $sql = "UPDATE categories SET name_en = :name_en ,name_ar = :name_ar  WHERE category_id = :category_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':name_en' => $name_en,':name_ar' => $name_ar,':category_id' => $category_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }

    public function getAmountOfCategories()
    {
        $sql = "SELECT COUNT(category_id) AS amount_of_categories FROM categories";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetch() is the PDO method that get exactly one result
        return $query->fetch()->amount_of_categories;
    }

    public function uploadFile($files) {
    	
    	$uploaddir = '';
    	$filename = str_replace(' ', '-', basename($_FILES['image']['name']));
		$uploadfile = $uploaddir . $filename;
	    if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
			return $uploadfile;
		} else {
			return "";
		}
    }
    
    public function addDigitalContent($title_en,$title_ar,$keywords_en,$keywords_ar,$historical_importance_en,$historical_importance_ar,$tags_en,$tags_ar,$geo_lat, $geo_lon,$category_id,$image)
    {
        $sql = "INSERT INTO digital_content ( title_en,title_ar,keywords_en,keywords_ar,historical_importance_en,historical_importance_ar,tags_en,tags_ar,geo_lat,geo_lon,category_id,image) VALUES (:title_en,:title_ar,:keywords_en,:keywords_ar,:historical_importance_en,:historical_importance_ar,:tags_en,:tags_ar,:geo_lat,:geo_lon,:category_id,:image)";
		
        $query = $this->db->prepare($sql);
        $parameters = array(':title_en' => $title_en,':title_ar'=>$title_ar,':keywords_en'=>$keywords_en,':keywords_ar'=>$keywords_ar,':historical_importance_en'=>$historical_importance_en,':historical_importance_ar'=>$historical_importance_ar,':tags_en'=>$tags_en,':tags_ar'=>$tags_ar,':geo_lat'=>$geo_lat,':geo_lon'=>$geo_lon,':category_id'=>$category_id,':image'=>$image);
                  
       // useful for debugging: you can see the SQL behind above construction by using:
       // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        return $result;
    }

    public function getAllDigitalContent($category_id="")
    {
    	$where = "";
    	if($category_id)
    		$where = "WHERE category_id=$category_id";
        $sql = "SELECT * FROM digital_content $where";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }

	public function deleteDigitalContent($digital_content_id)
    {
        $sql = "DELETE FROM digital_content WHERE digital_content_id = :digital_content_id";
		//$sql = "DELETE FROM categories WHERE category_id = :category_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':digital_content_id' => $digital_content_id);

        // useful for debugging: you can see the SQL behind above construction by using:
       // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
	 
    public function getDigitalContent($digital_content_id)
    {
        $sql = "SELECT * FROM digital_content WHERE digital_content_id = :digital_content_id LIMIT 1";
        $query = $this->db->prepare($sql);
        $parameters = array(':digital_content_id' => $digital_content_id);

        // useful for debugging: you can see the SQL behind above construction by using:
      //   echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetch();
    }
    
	public function updateDigitalContent($title_en,$title_ar, $keywords_en,$keywords_ar,$historical_importance_en,$historical_importance_ar,$tags_en,$tags_ar,$geo_lat, $geo_lon,$category_id,$digital_content_id)
    {
        $sql = "UPDATE digital_content SET title_en = :title_en,title_ar= :title_ar, keywords_en = :keywords_en,keywords_ar = :keywords_ar, historical_importance_en= :historical_importance_en,historical_importance_ar= :historical_importance_ar,tags_en=:tags_en,tags_ar=:tags_ar,geo_lat=:geo_lat,geo_lon=:geo_lon,category_id=:category_id WHERE digital_content_id = :digital_content_id";
        $query = $this->db->prepare($sql);
        $parameters = array(
        	':title_en' => $title_en, 
			':title_ar' => $title_ar, 		
        	':keywords_en' => $keywords_en, 
        	':keywords_ar' => $keywords_ar, 
        	':historical_importance_en' => $historical_importance_en,
        	':historical_importance_ar' => $historical_importance_ar,
        	':tags_en' => $tags_en,
        	':tags_ar' => $tags_ar,
        	':geo_lat' => $geo_lat,
        	':geo_lon' => $geo_lon,
        	':category_id'=> $category_id,
        	':digital_content_id' => $digital_content_id
        );

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
    
	public function getamoutDigitalContent()
    {
        $sql = "SELECT COUNT(id) AS amount_of_digital_content FROM digital_content";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetch() is the PDO method that get exactly one result
        return $query->fetch()->amount_of_digital_content;
    }
	
	public function addProduct($product_name_ar,$product_description_ar,$product_name_en,$product_description_en,$image,$minprice,$maxprice,$colour,$weight,$size,$legnth,$weidth,$minnumber,$maxnumber,$type_ar,$type_en,$historical_description_ar,$historical_description_en,$category_id,$digital_content_id)
    {
	
        $sql = "INSERT INTO products (product_name_ar,product_description_ar,product_name_en,product_description_en,image,minprice,maxprice,colour,weight,size,legnth,weidth,minnumber,maxnumber,type_ar,type_en,historical_description_ar,historical_description_en,digital_content_id,category_id)
		 VALUES (:product_name_ar,:product_description_ar,:product_name_en,:product_description_en,:image,:minprice,:maxprice,:colour,:weight,:size,:legnth,:weidth,:minnumber,:maxnumber,:type_ar,:type_en,:historical_description_ar,:historical_description_en,:digital_content_id,:category_id)";
	    
       $query = $this->db->prepare($sql);
        $parameters = array(
		':product_name_ar'=> $product_name_ar,
		':product_description_ar'=> $product_description_ar,
		':product_name_en'=> $product_name_en,
		':product_description_en'=> $product_description_en,
		':image' => $image,
		':minprice' => $minprice,
		':maxprice' => $maxprice,
		':colour' => $colour,
		':weight' => $weight,
		':size' => $size,
		':legnth' => $legnth,
		':weidth' => $weidth,
		':minnumber' => $minnumber,
		':maxnumber' => $maxnumber,
		':maxnumber' => $maxnumber,
		':type_ar' => $type_ar,
		':type_en' => $type_en,
		':historical_description_ar' => $historical_description_ar,
		':historical_description_en' => $historical_description_en,		
		':category_id' => $category_id,
		':digital_content_id' => $digital_content_id);
                           
        // useful for debugging: you can see the SQL behind above construction by using:
         //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
		return $result;
    }

	public function getAllProducts($category_id)
    {
    	$where = "";
    	if($category_id)
    		$where = "WHERE category_id=$category_id";
        $sql = "SELECT * FROM products $where";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }
    
	public function getPendingProductsCount()
    {
        $sql = "SELECT count(*) as count FROM products WHERE status='pending'";
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetch();
    }
    
	public function getPendingCommentsCount()
    {
        $sql = "SELECT count(*) as count FROM comments WHERE status='pending'";
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetch();
    }
    
	public function getAllTransactions()
    {
        $sql = "SELECT * FROM transactions order by transaction_id";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }

	public function deleteProduct($product_id)
    {
        $sql = "DELETE FROM products WHERE product_id = :product_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':product_id' => $product_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
	 
	public function updateProduct($product_name_ar,$product_description_ar,$product_name_en,$product_description_en,$image,$minprice,$maxprice,$colour,$weight,$size,$legnth,$weidth,$minnumber,$maxnumber,$type_ar,$type_en,$historical_description_ar,$historical_description_en,$product_id,$status)
    {
	    
        $sql="UPDATE products SET product_name_ar=:product_name_ar,product_description_ar=:product_description_ar,product_name_en=:product_name_en,product_description_en=:product_description_en,image=:image,minprice=:minprice,maxprice=:maxprice,colour=:colour,weight=:weight,size=:size,legnth=:legnth,weidth=:weidth,minnumber=:minnumber,maxnumber=:maxnumber,type_ar=:type_ar,type_en=:type_en,historical_description_ar=:historical_description_ar,historical_description_en=:historical_description_en,status=:status WHERE product_id =:product_id ";
		$query = $this->db->prepare($sql);
        $parameters = array(
		':product_name_ar'=>$product_name_ar,
		':product_description_ar'=>$product_description_ar,
		':product_name_en'=>$product_name_en,
		':product_description_en'=>$product_description_en,
		':image' => $image,
		':minprice' => $minprice,
		':maxprice' => $maxprice,
		':colour' => $colour,
		':weight' => $weight,
		':size' => $size,
		':legnth' => $legnth,
		':weidth' => $weidth,
		':minnumber' => $minnumber,
		':maxnumber' => $maxnumber,
		':type_ar' => $type_ar,
		':type_en' => $type_en,
		':historical_description_ar' => $historical_description_ar,
		':historical_description_en' => $historical_description_en,
		':product_id' => $product_id,
		':status'=>$status);

		
		// useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
    
	public function getProduct($product_id)
    {
        $sql = "SELECT * FROM products WHERE product_id = :product_id LIMIT 1";
        $query = $this->db->prepare($sql);
        $parameters = array(':product_id' =>$product_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetch();
    }
	
	public function showaprovedproduct()
    {   
        $sql = "
        SELECT `product_id`, `product_name_ar`, `product_description_ar`, `product_name_en`, `product_description_en`, `image`, 
	`minprice`, `maxprice`, `colour`, `weight`, `size`, `legnth`, `weidth`, `minnumber`, `maxnumber`, `type_ar`,`type_en`, `historical_description_ar`,`historical_description_en`,
	`category_id`, `digital_content_id`, `votes_count`, `status` FROM `products` WHERE status = 'aproved'
		";
        $query = $this->db->prepare($sql);
        $query->execute();

		//echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
       
		$query->execute($parameters);
		return $query->fetchAll();
		

    }
	
	public function getAllComments()
    {            
        $sql = "SELECT comment_id, user_id, digital_content_id,comment,status FROM comments  ";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }
     public function showaprovedcomment($digital_content_id)
    {   
        $sql = "SELECT comment_id, user_id, digital_content_id,comment,status FROM comments WHERE digital_content_id= :digital_content_id and status='aproved' ";
        $query = $this->db->prepare($sql);
        $query->execute();

		$parameters = array(':digital_content_id'=>$digital_content_id);        
		//echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
       
		$query->execute($parameters);
		return $query->fetchAll();
		
		
     //       echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

       // return $query->fetchAll();
    }
    
	public function deleteComment($comment_id)
    {
        $sql = "DELETE FROM comments WHERE comment_id = :comment_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':comment_id' => $comment_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
    
	public function getComment($comment_id)
    {
        $sql = "SELECT * FROM comments WHERE comment_id=:comment_id LIMIT 1";
        $query = $this->db->prepare($sql);
        $parameters = array(':comment_id' =>$comment_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetch();
    }
    
	public function updateComment($comment_id,$status)
    {    	
        $sql = "UPDATE comments SET  status =:status WHERE comment_id =:comment_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':comment_id'=>$comment_id,':status'=>$status);

        // useful for debugging: you can see the SQL behind above construction by using:
         //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
	
    public function addComment($user_id,$digital_content_id,$comment,$status)
    {
	    $sql = "INSERT INTO comments (user_id,digital_content_id,comment,status) VALUES (:user_id,:digital_content_id,:comment,:status)";   
        $query = $this->db->prepare($sql);
        $parameters = array(':user_id'=>$user_id,':digital_content_id'=>$digital_content_id,':comment'=>$comment,':status'=>$status);                         
        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
        $query->execute($parameters);
    }
	
    public function getAllVotes()
    {
        $sql ="SELECT * FROM votes ";
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetchAll();
    }
    
	public function getAllUsers()
    {
        $sql = "SELECT user_id ,username  FROM users";
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetchAll();
    }
	
	public function signin($username,$password)
	{ 
		$sql = "SELECT * FROM admins WHERE username= :username and password=:password ";
		$query = $this->db->prepare($sql);
		$parameters = array(':username'=>$username,':password'=>$password);        
		//echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
       
		$query->execute($parameters);
		return $query->fetchAll();
	}
	
	public function signup($username,$password)
	{ 
	   $sql = "INSERT INTO users (username,password) VALUES (:username,:password) ";
        $query = $this->db->prepare($sql);
        $query->execute();
	}
	
	public function userSignUp()
	{ 
	   $sql = "INSERT INTO users (
				`first_name` ,
				`last_name` ,
				`email` ,
				`password` ,
				`address` ,
				`city` ,
				`country` ,
				`phone` ,
				`postal_code`
				)
				VALUES (
				:first_name, :last_name, :email, :password, :address, :city, :country, :phone, :postal_code
				);";
        $query = $this->db->prepare($sql);
        $parameters = array(
        	':first_name'=>$_POST['first_name'],':last_name'=>$_POST['last_name'],':email'=>$_POST['email'],':password'=>$_POST['password'],
        	':address'=>$_POST['address'],':city'=>$_POST['city'],':country'=>$_POST['country'],':phone'=>$_POST['phone'],
        	':postal_code'=>$_POST['postal_code']
        );
        
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
        
        $result = $query->execute($parameters);
        return $result;
	}
	
	public function userLogin($email,$password)
	{ 
		$sql = "SELECT * FROM users WHERE email= :email and password=:password ";
		$query = $this->db->prepare($sql);
		$parameters = array(':email'=>$email,':password'=>$password);        
		//echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();
       
		$query->execute($parameters);
		return $query->fetch();
	}
	
	 public function getAllBreakingNews()
    {
        $sql = "SELECT * FROM breaking_news";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }

    public function addBreakingNews($news_en, $news_ar, $news)
    {
        $sql = "INSERT INTO breaking_news (news_en, news_ar, news) VALUES (:news_en, :news_ar, :news)";
        $query = $this->db->prepare($sql);
        $parameters = array(':news_en' => $news_en, ':news_ar' => $news_ar, ':news' => $news);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }

    public function deleteBreakingNews($breaking_news_id)
    {
        $sql = "DELETE FROM breaking_news WHERE breaking_news_id=:breaking_news_id";
        $query = $this->db->prepare($sql);
        $parameters = array(':breaking_news_id' => $breaking_news_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);
    }
    
   public function getbreaking_news($breaking_news_id)
    {
        $sql = "SELECT breaking_news_id, news_en, news_ar,news FROM breaking_news WHERE breaking_news_id = :breaking_news_id LIMIT 1";
        $query = $this->db->prepare($sql);
        $parameters = array(':breaking_news_id' => $breaking_news_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $query->execute($parameters);

        // fetch() is the PDO method that get exactly one result
        return $query->fetch();
    }

	public function getBasketItems($user_id)
    {
        $sql = "SELECT * FROM basket WHERE user_id=$user_id";
        $query = $this->db->prepare($sql);
        $query->execute();

        return $query->fetchAll();
    }

	public function addProductToBasket($product_id, $user_id)
    {
    	$productDetails = $this->getProduct($product_id);
    	$product_price = $productDetails->maxprice;
    	
        $sql = "INSERT INTO basket (product_id, user_id, product_price) VALUES (:product_id, :user_id, :product_price)";
        $query = $this->db->prepare($sql);
        $parameters = array(':product_id' => $product_id, ':user_id' => $user_id, ':product_price' => $product_price);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        return $result;
    }

	public function productVote($product_id, $user_id)
    {
    	$sql = "UPDATE products SET votes_count = votes_count+1 WHERE product_id=$product_id LIMIT 1 ;";
        $query = $this->db->prepare($sql);
        $result = $query->execute($parameters);
    	
        $sql = "INSERT INTO votes (product_id, user_id) VALUES (:product_id, :user_id)";
        $query = $this->db->prepare($sql);
        $parameters = array(':product_id' => $product_id, ':user_id' => $user_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        return $result;
    }
     
    
    public function validateCreditCard($cardHolderName,$cardNumber,$expiryMonth,$expiryYear,$cvv) {
    	$results = false;
    	if($cardNumber == '1234')
    		$results = true;
    	return $results;
    }
    
    public function processPayment($user_id,$amount) {
    	
    	// Insert transaction 
    	$sql = "INSERT INTO transactions (user_id, amount) VALUES (:user_id, :amount)";
        $query = $this->db->prepare($sql);
        $parameters = array(':user_id' => $user_id, ':amount' => $amount);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        
        // If inserted into transaction then remove all basket items
        if($result) {
        	$sql = "DELETE FROM basket WHERE user_id=:user_id";
	        $query = $this->db->prepare($sql);
	        $parameters = array(':user_id' => $user_id);
	        $query->execute($parameters);
        }
        return $result;     	
    }
		public function showvotes($product_id)
    {
    	$sql = "SELECT  votes_count from  products WHERE product_id=$product_id LIMIT 1 ;";
        $query = $this->db->prepare($sql);
       
        $parameters = array(':product_id' => $product_id);

        // useful for debugging: you can see the SQL behind above construction by using:
        // echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        return $result;
    }
    public function addslideshow($image){
	
	$sql = "INSERT INTO slideshow (image) VALUES (:image)";
        $query = $this->db->prepare($sql);
        $parameters = array(':image' => $image);

        // useful for debugging: you can see the SQL behind above construction by using:
        //echo '[ PDO DEBUG ]: ' . Helper::debugPDO($sql, $parameters);  exit();

        $result = $query->execute($parameters);
        
	
	}
	
	 public function getAllSlideshows()
    {
        $sql = "SELECT * FROM slideshow";
        $query = $this->db->prepare($sql);
        $query->execute();

        // fetchAll() is the PDO method that gets all result rows, here in object-style because we defined this in
        // core/controller.php! If you prefer to get an associative array as the result, then do
        // $query->fetchAll(PDO::FETCH_ASSOC); or change core/controller.php's PDO options to
        // $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ...
        return $query->fetchAll();
    }
	
 	
	
}
